Google, Facebook: "do not track" bill a threat to California economy

Google and Facebook are warning legislators of dire consequences if California passes a "do not track" bill. The proposed law would require companies doing online business in the Golden State to offer an "opt-out" privacy mechanism for consumers.

Senate Bill 761 "would create an unnecessary, unenforceable and unconstitutional regulatory burden on Internet commerce," says the letter in opposition to the measure. "The measure would negatively affect consumers who have come to expect rich content and free services through the Internet, and would make them more vulnerable to security threats."

Signed: Google, Facebook, Time Warner Cable, CTIA - The Wireless Association, the California Chamber of Commerce, and about thirty other associations and companies.

A method for consumers

The legislation in question comes from the office of state senator Alan Lowenthal (D-Long Beach). Lowenthal's bill would require the state's Attorney General to deploy regulations by July 1, 2012 forcing any business that uses, collects, or stores online data to offer California consumers "a method to opt out of that collection, use, and storage of such information."

According to its summary, the bill would specify:

that such information, includes, but is not limited to, the online activity of an individual and other personal information. The bill would subject these regulations to certain requirements, including, but not limited to, a requirement that a covered entity disclose to a consumer certain information relating to its collection, use, and storage information practices. The bill would, to the extent consistent with federal law, prohibit a covered entity from selling, sharing, or transferring a consumer's covered information. The bill would make a covered entity that willfully fails to comply with the adopted regulations liable to a consumer in a civil action for damages, as specified, and would require such an action to be brought within a certain time period.

What would this "covered information" include? The "date and hour of online access," the location from which the information was accessed, the "means" (presumably the broadband device and its operating system) by which the data was obtained and stored, the user's IP address, "personal information" that would include but not be limited to postal and e-mail addresses, and government identification numbers such as drivers' licenses, passport numbers, and tax IDs. Credit card numbers and security codes are also part of the definition.

Entities that do not collect "sensitive information" would be exempt from the law, however. These are defined as services that do not obtain and store information that relates directly to a consumer's medical history, ethnicity, religion, sexual orientation, or financial status.